5,042 research outputs found
On the Complexity of Fair Coin Flipping
A two-party coin-flipping protocol is -fair if no efficient adversary can bias the output of the honest party (who always outputs a bit, even if the other party aborts) by more than . Cleve [STOC \u2786] showed that -round -fair coin-flipping protocols do not exist. Awerbuch et al. [Manuscript \u2785] constructed a -fair coin-flipping protocol, assuming the existence of one-way functions. Moran et al. [Journal of Cryptology \u2716] constructed an -round coin-flipping protocol that is -fair (thus matching the aforementioned lower bound of Cleve [STOC \u2786]), assuming the existence of oblivious transfer.
The above gives rise to the intriguing question of whether oblivious transfer, or more generally ``public-key primitives\u27\u27, is required for an -fair coin flipping. This question was partially answered by Dachman-Soled et al. [TCC \u2711] and Dachman-Soled et al. [TCC \u2714], who showed that restricted types of fully black-box reductions cannot establish -fair coin-flipping protocols from one-way functions. In particular, for constant-round coin-flipping protocols, Dachman-Soled et al. showed that black-box techniques from one-way functions can only guarantee fairness of order .
We make progress towards answering the above question by showing that, for any constant , the existence of an -fair, -round coin-flipping protocol implies the existence of an infinitely-often key-agreement protocol, where denotes some universal constant (independent of ).
Our reduction is non black-box and makes a novel use of the recent dichotomy for two-party protocols of Haitner et al. [FOCS \u2718] to facilitate a two-party variant of the recent attack of Beimel et al. [FOCS \u2718] on multi-party coin-flipping protocols
Fair Loss-Tolerant Quantum Coin Flipping
Coin flipping is a cryptographic primitive in which two spatially separated
players, who in principle do not trust each other, wish to establish a common
random bit. If we limit ourselves to classical communication, this task
requires either assumptions on the computational power of the players or it
requires them to send messages to each other with sufficient simultaneity to
force their complete independence. Without such assumptions, all classical
protocols are so that one dishonest player has complete control over the
outcome. If we use quantum communication, on the other hand, protocols have
been introduced that limit the maximal bias that dishonest players can produce.
However, those protocols would be very difficult to implement in practice
because they are susceptible to realistic losses on the quantum channel between
the players or in their quantum memory and measurement apparatus. In this
paper, we introduce a novel quantum protocol and we prove that it is completely
impervious to loss. The protocol is fair in the sense that either player has
the same probability of success in cheating attempts at biasing the outcome of
the coin flip. We also give explicit and optimal cheating strategies for both
players.Comment: 12 pages, 1 figure; various minor typos corrected in version
Serial composition of quantum coin-flipping, and bounds on cheat detection for bit-commitment
Quantum protocols for coin-flipping can be composed in series in such a way
that a cheating party gains no extra advantage from using entanglement between
different rounds. This composition principle applies to coin-flipping protocols
with cheat sensitivity as well, and is used to derive two results: There are no
quantum strong coin-flipping protocols with cheat sensitivity that is linear in
the bias (or bit-commitment protocols with linear cheat detection) because
these can be composed to produce strong coin-flipping with arbitrarily small
bias. On the other hand, it appears that quadratic cheat detection cannot be
composed in series to obtain even weak coin-flipping with arbitrarily small
bias.Comment: 7 pages, REVTeX 4 (minor corrections in v2
Chances, counterfactuals and similarity
John Hawthorne in a recent paper takes issue with Lewisian accounts of counterfactuals, when relevant laws of nature are chancy. I respond to his arguments on behalf of the Lewisian, and conclude that while some can be rebutted, the case against the original Lewisian account is strong.
I develop a neo-Lewisian account of what makes for closeness of worlds. I argue that my revised version avoids Hawthorne’s challenges. I argue that this is closer to the spirit of Lewis’s first (non-chancy) proposal than is Lewis’s own suggested modification
Teaching Bayesian Model Comparision with the Three-Sided Coin
In the present work we introduce the problem of determining the probability that a rotating and bouncing cylinder (i.e. flipped coin) will land and come to rest on its edge. We present this problem and analysis as a practical, nontrivial example to introduce the reader to Bayesian model comparison. Several models are presented, each of which take into consideration different physical aspects of the problem and the relative effects on the edge landing probability. The Bayesian formulation of model comparison is then used to compare the models and their predictive agreement with data from hand-flipped cylinders of several sizes
- …